Infrastructure
Rememberry is a web app that uses a flashcard system based on a mindmap to visualize your flashcards in a tree diagram. The current learning experience of regular flashcards is improved with contextualized ones and spaced repetition.
This document explains how Kubernetes is used to connect the frontend and backend systems, how a secure, high-availability (HA) PostgreSQL database is set up, and how a HashiCorp Vault cluster supplies rotating database credentials to harden access. Knowledge of Kubernetes, Helm charts, web principles, and the different JavaScript runtimes is assumed. In this document, a request is an action a user performs in the web application that triggers an HTTP request to either the backend or the frontend.
The cloud infrastructure is hosted on Scaleway, using three compute nodes to form a High Availability (HA) managed Kubernetes cluster. The production environment is composed of the following components:
Each incoming request is directed to the load balancer, implemented as a Traefik reverse proxy. The load balancer forwards traffic to the designated service based on predefined routing rules. Kubernetes Services act as an abstraction over the actual pod instances, so Traefik can balance load across multiple pod replicas of a service; this distributes network traffic for high availability and scalability. Traefik integrates with Kubernetes, offering automatic service discovery and dynamic configuration: it updates its routing rules as services within the cluster change, so load balancing keeps working without manual reconfiguration.
The frontend and backend services are deployed on Kubernetes, each currently running a single replica built from its own Docker image. They run on different JavaScript runtimes: the frontend on Node.js with the Next.js framework, the backend on Bun. Endpoints of both deployments are first exposed inside the cluster via Kubernetes Ingress rules and then made public through the Traefik reverse proxy.
The high-availability PostgreSQL cluster is deployed using the Bitnami Helm chart. This distribution includes a management service named Pgpool, which provides load balancing, connection pooling, and automated failover for at least two PostgreSQL instances. Within this setup, one instance serves as the primary node, while the remaining instances function as replicas.
HashiCorp Vault is a secret management tool that issues and manages the database credentials used by the backend services. It employs a dynamic system to create (lease), renew, and revoke database access credentials, distributing them securely to clients. Because the credentials are short-lived and revocable, access is both secure and ephemeral, and a compromised credential is only useful for the remainder of its lease. A client must renew a lease before its TTL expires or request a new one; Vault revokes expired leases on its own. To further enhance system security and reliability, HashiCorp Vault is deployed with high availability within the Kubernetes cluster, ensuring continuous operation and robust protection against failures.
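As an added example (not the Rememberry project's code): how the Bun backend could consume those leases over Vault's lease API, renewing before the TTL ends, switching to a fresh lease when Vault refuses a renewal, and revoking on shutdown. It assumes the database secrets engine is mounted at `database/` with a role named `backend`, and token authentication via VAULT_ADDR/VAULT_TOKEN (the project's actual auth method is not described); `FakeVault` is a constructed in-memory stand-in so the lifecycle runs offline.

```javascript
class HttpVault {                  // real Vault HTTP API; token auth is an assumption
  constructor(addr = process.env.VAULT_ADDR, token = process.env.VAULT_TOKEN) {
    Object.assign(this, { addr, token });
  }
  async call(method, path, body) {
    const res = await fetch(`${this.addr}/v1/${path}`, { method, body: body && JSON.stringify(body),
      headers: { "X-Vault-Token": this.token } });
    if (!res.ok) throw new Error(`vault ${path}: HTTP ${res.status}`);
    return res.status === 204 ? {} : res.json();
  }
  creds(role) { return this.call("GET", `database/creds/${role}`); }
  renew(lease_id, increment) { return this.call("PUT", "sys/leases/renew", { lease_id, increment }); }
  revoke(lease_id) { return this.call("PUT", "sys/leases/revoke", { lease_id }); }
}

class FakeVault {                  // constructed stand-in: a fixed renewal budget stands in for max_ttl
  constructor(ttl = 3600, maxRenewals = 1) { Object.assign(this, { ttl, maxRenewals, n: 0, renewals: 0, revoked: [] }); }
  async creds(role) {
    this.n += 1; this.renewals = 0;
    return { lease_id: `database/creds/${role}/${this.n}`, lease_duration: this.ttl,
             data: { username: `v-${role}-${this.n}`, password: `pw-${this.n}` } };
  }
  async renew(lease_id, increment) {
    if (this.renewals++ >= this.maxRenewals) throw new Error("lease expired");
    return { lease_id, renewable: true, lease_duration: increment };
  }
  async revoke(lease_id) { this.revoked.push(lease_id); }
}

class LeaseManager {               // acquire, renew early, rotate when refused, revoke on shutdown
  constructor(vault, role, renewFraction = 0.5) {
    Object.assign(this, { vault, role, renewFraction, lease: null, rotations: 0 });
  }
  async acquire() {                // { lease_id, lease_duration, data: { username, password } }
    this.lease = await this.vault.creds(this.role);
    this.rotations += 1;
    return this.lease.data;
  }
  renewDelayMs() { return Math.floor(this.lease.lease_duration * this.renewFraction * 1000); }
  async refresh() {
    try {
      const r = await this.vault.renew(this.lease.lease_id, this.lease.lease_duration);
      this.lease.lease_duration = r.lease_duration;   // Vault may cap this at the role's max_ttl
      return "renewed";
    } catch {                                         // expired or revoked: never keep dead creds
      await this.acquire();
      return "rotated";                               // caller must reconnect its DB pool
    }
  }
  async shutdown() { if (this.lease) await this.vault.revoke(this.lease.lease_id); this.lease = null; }
}
```

In the application, call `refresh()` every `renewDelayMs()` and rebuild the PostgreSQL connection pool whenever it returns "rotated"; `HttpVault` and `FakeVault` are interchangeable.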